According to the Journal de Montreal, Sébastien Boulanger Dorval, the 37-year-old employee, now fired by the company, sold some of the data to international criminal groups via the dark web.

The data breach affected 2.9 million Desjardins customers along with over 150,000 businesses. The leaked information includes social insurance numbers, email addresses, birth dates, and full names. According to CBC News, passwords and security questions weren't compromised.

Members were notified by mail as soon as the fraud actually happened. Affected members will benefit from Equifax's credit monitoring insurance for free for five years. Apparently, the employee committed fraud because he needed the money.

Citing a police source, the Journal de Montreal wrote that there could potentially be more than a dozen criminal groups or individuals who now possess the leaked information. The data is difficult to track but investigators from the Laval Police and Sûreté du Québec have been making incredible progress.

These groups could potentially sell them to others or even keep them for themselves for whatever nefarious purposes. The primary concern here is identity theft as Desjardins was quick to point out that no account passwords or security questions were hacked.

It's believed that the criminal groups are indeed "fragmenting" the information. A source for the Journal de Montreal said that they're worried for the safety of public officials in Quebec as many of them were customers of the Desjardins Group.